In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
Debian Bug report logs - #864058
New wireshark issues
Package: src:wireshark;
Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntu.com>;
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 3 Jun 2017 18:39:01 UTC
Severity: important
Tags: security, upstream
Found in version wireshark/2.2.6+g32dac6a ...
An issue has been found in the DOF dissector of Wireshark < 2.2.7, where a heap-based out-of-bounds read can be triggered by injecting a malicious packet into the wire or by convincing someone to read a malformed packet trace file ...